Login System
Posted: Mon Apr 30, 2007 5:56 am
Hi,
It is really very difficult to develop a secure login system.
I have made a login system, and with the help of this forum I want to check whether it is secure or
not. I have posted all the related code. Is there any possibility of SQL injection? If not, what would be the best method
to make it more secure?
<?php
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Values submitted by the login form
    $usrname = $_POST['myuserid'];
    $password = trim($_POST['mypassword']);

    // Look up the row for the submitted user name
    using('PIS.Logger');
    $objLogger = new Logger;
    $objLogger->login($usrname);
    $data = $objLogger->dbFetchArray(1);

    if (isset($data['USR_NAME']) && $data['USR_NAME'] == $usrname) {
        // Compare the stored password with the submitted one
        if (isset($data['PWD']) && $data['PWD'] == $password) {
            // Status 'E' lets the user in; anything else is reported as disabled
            if (isset($data['STATUS']) && $data['STATUS'] == 'E') {
                $_SESSION['privillage'] = $data['PREVILAGE'];
                _Redirect("content/personnel_detail.php?List&tm=1");
            } else {
                $_SESSION['err_msg'] = 'User Disabled';
            }
        } else {
            $_SESSION['err_msg'] = 'Password Mismatch';
        }
    } else {
        $_SESSION['err_msg'] = 'Invalid Username';
    }
}
?>
--------------------------------------------------------------------------------------------
// Method of the Logger class used above
function login($uid){
    // Build the lookup query from the user name passed in
    $sql = "SELECT usr_name,pwd,status,PREVILAGE FROM usr WHERE USR_NAME='".$uid."'";
    //echo $sql;
    return $this->dbQueryReturn($sql);
}
feyd | Please use [code] and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.
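
The lookup from the post with the user name passed as a bound parameter and the password checked with password_verify(), as an added example that is not the poster's code. It assumes PDO (shown here with an in-memory SQLite database and constructed rows) and that the pwd column stores a password_hash() value; checkLogin() is a hypothetical name.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with the pdo_sqlite
// driver, and usr.pwd holding a password_hash() value, not the plain password.

// Hypothetical helper: returns the PREVILAGE value on success, null otherwise.
function checkLogin(PDO $db, string $uid, string $password): ?string
{
    // Bound parameter: $uid travels as data and cannot alter the statement.
    $stmt = $db->prepare(
        'SELECT usr_name, pwd, status, PREVILAGE FROM usr WHERE usr_name = :uid'
    );
    $stmt->execute([':uid' => $uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // One generic failure for unknown user, wrong password or disabled account,
    // so the response does not reveal which user names exist.
    if ($row === false
        || !password_verify($password, $row['pwd'])
        || $row['status'] !== 'E') {
        return null;
    }
    return $row['PREVILAGE'];
}

// Constructed sample rows in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usr (usr_name TEXT PRIMARY KEY, pwd TEXT, status TEXT, PREVILAGE TEXT)');
$ins = $db->prepare('INSERT INTO usr VALUES (?, ?, ?, ?)');
$ins->execute(["o'brien", password_hash('s3cret-one', PASSWORD_DEFAULT), 'E', 'admin']);
$ins->execute(['bob', password_hash('s3cret-two', PASSWORD_DEFAULT), 'D', 'user']);

// Constructed attempts: valid, wrong password, disabled account, unknown user.
$attempts = [
    ["o'brien", 's3cret-one'],
    ["o'brien", 'wrong'],
    ['bob', 's3cret-two'],
    ['nobody', 'x'],
];
foreach ($attempts as [$uid, $pw]) {
    $priv = checkLogin($db, $uid, $pw);
    printf("%-8s %s\n", $uid, $priv === null ? 'login failed' : "ok, privilege=$priv");
}
```

The user name containing a quote is looked up like any other because it never becomes part of the SQL text. On a successful login the caller would also call session_regenerate_id(true) before storing the privilege in $_SESSION.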